Corivai is a GitHub Action that provides automated code reviews and interactive discussions using various AI models. It not only reviews your pull requests but also engages in meaningful conversations through comments, offering explanations and clarifications when needed.
Here is Gitlab CI support.
- Code quality assessment and best practices recommendations
- Potential bug detection and security vulnerability identification
- Performance optimization suggestions
- Coding style and consistency checks
- AI-powered responses to questions about its review comments
- Detailed explanations of suggested changes
- Technical discussions through comment threads
- Contextual understanding of the code being discussed
| Automated Code Review |
|---|
 |
| Interactive Comment Responses |
|---|
 |
| Gitlab CI support, Gitlab CI not support interactive Comment |
|---|
 |
Add these secrets to your GitHub repository:
REVIEWER_API_KEY: Your API key for the chosen AI provider
Create .github/workflows/code-review.yml in your repository:
name: AI Code Review
on:
# Triggered when a pull request is opened or updated
pull_request:
types: [ opened, synchronize ]
# Triggered when someone comments on a review
pull_request_review_comment:
types: [ created ]
jobs:
review:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: write
steps:
- uses: actions/checkout@v3
- name: AI Code Review
uses: utsmannn/corivai@v5
with:
reviewer-api-key: ${{ secrets.REVIEWER_API_KEY }}
github-token: ${{ secrets.GITHUB_TOKEN }}
model-name: 'your-model-name'
openai-url: 'your-endpoint-url' # optional, default: https://api.openai.com/v1
max-diff-size: '100000' # optional
custom-instructions: | # optional
Your custom review guidelines here| Parameter | Required | Description | Default | Example Values |
|---|---|---|---|---|
| reviewer-api-key | Yes | Authentication key for AI service | - | Gemini API key, 'ollama' |
| github-token | Yes | GitHub token for API access | - | ${{ secrets.GITHUB_TOKEN }} |
| model-name | Yes | AI model identifier | - | 'gemini-pro', 'codellama' |
| openai-url | No | AI service endpoint URL | https://api.openai.com/v1 | See provider-specific configs below |
| max-diff-size | No | Maximum diff size in bytes | 100000 | '500000' |
| custom-instructions | No | Additional review guidelines | - | Markdown formatted instructions |
See: https://platform.openai.com/docs/quickstart
Models: https://platform.openai.com/docs/models
- name: AI Code Review
uses: utsmannn/corivai@v5
with:
reviewer-api-key: ${{ secrets.OPENAI_API_KEY }}
github-token: ${{ secrets.GITHUB_TOKEN }}
model-name: 'gpt-3.5-turbo'See: https://ai.google.dev/gemini-api/docs/openai
Models: https://ai.google.dev/gemini-api/docs/models/gemini
- name: AI Code Review
uses: utsmannn/corivai@v5
with:
reviewer-api-key: ${{ secrets.GEMINI_API_KEY }}
github-token: ${{ secrets.GITHUB_TOKEN }}
model-name: 'gemini-1.5-flash'
openai-url: 'https://generativelanguage.googleapis.com/v1beta/openai/'See: https://ollama.com/blog/openai-compatibility
- name: AI Code Review
uses: utsmannn/corivai@v5
with:
reviewer-api-key: 'ollama'
github-token: ${{ secrets.GITHUB_TOKEN }}
model-name: 'codellama' # or other models like 'llama2', 'mixtral'
openai-url: 'http://your-ollama-endpoint/v1'See: https://api-docs.deepseek.com/
Models: https://api-docs.deepseek.com/quick_start/pricing
- name: AI Code Review
uses: utsmannn/corivai@v5
with:
reviewer-api-key: ${{ secrets.DEEPSEEK_API_KEY }}
github-token: ${{ secrets.GITHUB_TOKEN }}
model-name: 'deepseek-coder'
openai-url: 'https://api.deepseek.com/v1'-
When a pull request is opened or updated:
- The action retrieves the diff content
- Changes are processed in manageable chunks
- Each chunk is analyzed by the AI model
- Review comments are posted on specific lines
- A completion comment is added with the processed SHA
-
Review comment format:
**Finding**: [AI's review comment]
-
When a user replies to a review comment:
- The action captures the conversation context
- Processes the entire comment thread
- Generates a contextually aware response
- Posts the response as a reply
-
Comment thread handling:
- Maintains conversation context
- References the original code snippet
- Considers all previous replies in the thread
- Provides detailed technical explanations
custom-instructions: |
## Review Priority
1. Security vulnerabilities
2. Performance issues
3. Code maintainability
4. Documentation quality
## Specific Checks
- SQL injection vulnerabilities
- Resource leaks
- Error handling completeness
- Test coverage adequacy- name: AI Code Review
uses: utsmannn/corivai@v5
with:
reviewer-api-key: ${{ secrets.REVIEWER_API_KEY }}
github-token: ${{ secrets.GITHUB_TOKEN }}
model-name: 'gemini-pro'
open-ai-url: 'https://generativelanguage.googleapis.com/v1'
max-diff-size: '500000' # Increased for larger diffs
custom-instructions: |
Focus on critical issues only
Skip minor style suggestions-
Authentication Failures
- Verify API key validity and permissions
- Check secret configuration in repository settings
- Ensure endpoint URL is correctly formatted
-
Review Timeout Issues
- Reduce max-diff-size parameter
- Split large pull requests into smaller ones
- Check AI provider's timeout limits
-
Comment Response Problems
- Verify GitHub token permissions
- Check comment thread depth limits
- Ensure bot has write access to pull requests
Add environment variable ACTIONS_STEP_DEBUG=true in repository settings for detailed logging.
-
Pull Request Size
- Keep changes focused and minimal
- Split large changes into multiple PRs
- Target less than 50% of max-diff-size
-
Comment Interactions
- Ask specific questions in replies
- Reference relevant code sections
- Keep thread depth reasonable
-
Custom Instructions
- Be specific about priorities
- Include project-specific guidelines
- Update based on team feedback
You can find this GitLab component in the GitLab catalog.
The Gitlab CI only support for review code!
-
Create an access token in your project
- Go to Settings > Access tokens > Add new token
- Select the following scopes:
api,read_api,read_repository,write_repository - Name the token the same as your bot name (commented).
-
Store your token in a variable
- Go to CI/CD > Variables > Add variable
- Make sure the token is visible in jobs by using these settings:
- Visibility: Visible
- Flags: Uncheck "Protect variable"
- Key: Your variable name
Finally, add the following to your .gitlab-ci.yml file:
include:
- component: $CI_SERVER_FQDN/utsmannn/corivai/code-review@v8.0.0
inputs:
stage: build
gitlab-token: '$GITLAB_TOKEN'
reviewer-api-key: 'ollama'
openai-url: "https://o.codeutsman.com/v1"
max-diff-size: "500000"
model-name: "qwen2.5-coder"We welcome contributions to improve Corivai:
- Fork the repository
- Create a feature branch
- Submit a pull request with detailed description
- Ensure tests pass and documentation is updated
This project is licensed under the MIT License - see the LICENSE file for details.
For issues and feature requests, please use the GitHub Issues section of the repository.